0

我已经通过 helm 在 Kubernetes 上安装了 docker-registry。

我可以通过 docker push 来docker push 0.0.0.0:5000/<my-container>:v1使用端口转发。

现在如何从 deployment.yaml 引用注册表中的图像?

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: <my-container>-deployment-v1
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: <my-container>-deployment
        version: v1
    spec:
      containers:
      - name: <my-container>
        image: 0.0.0.0:5000/<my-container>:v1 # <<< ????
        imagePullPolicy: Always
        ports:
        - containerPort: 80
      imagePullSecrets:
        - name: private-docker-registry-secret

这确实列出了我的容器:

curl -X GET http://0.0.0.0:5000/v2/_catalog

部署时我不断收到ImagePullBackOff

我使用内部服务名称和集群 IP 地址绑定,仍然无法正常工作。

然后尝试使用秘密:

{
  "kind": "Secret",
  "apiVersion": "v1",
  "metadata": {
    "name": "running-buffoon-docker-registry-secret",
    "namespace": "default",
    "selfLink": "/api/v1/namespaces/default/secrets/running-buffoon-docker-registry-secret",
    "uid": "127c93c1-53df-11e9-8ede-a63ad724d5b9",
    "resourceVersion": "216488",
    "creationTimestamp": "2019-03-31T18:01:56Z",
    "labels": {
      "app": "docker-registry",
      "chart": "docker-registry-1.7.0",
      "heritage": "Tiller",
      "release": "running-buffoon"
    }
  },
  "data": {
    "haSharedSecret": "xxx"
  },
  "type": "Opaque"
}

并将秘密添加到deployment.yaml:

  imagePullSecrets:
    - name: running-buffoon-docker-registry-secret

然后我得到:

image "x.x.x.x/:<my-container>v1": rpc error: code = Unknown desc = Error response from daemon: Get https://x.x.x.x/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
4

1 回答 1

1

您需要获取本地 docker 注册表的cluster-ip

您将在仪表板中找到它 - 只需访问注册表 pod 页面,然后访问相关的service. 将您的图像规格替换0.0.0.0为集群 ip。还要确保port匹配 - 通常注册表服务公开的端口与集群内公开的实际端口不同。如果您在注册表中设置了身份验证,则也需要imagepullsecret

我已经在博客中介绍了使用本地注册表设置 minikube - 可能会有所帮助。https://amritbera.com/journal/minikube-insecure-registry.html

于 2019-03-31T16:49:58.823 回答